Network Security Threats – Malware


A detailed presentation about Network security threats – malware


Page 1: Network security threats – malware

Network Security Threats – Malware

Page 2: Network security threats – malware

By P. Victer Paul


Page 3: Network security threats – malware

Computer security

refers to the security of computers against intruders (e.g., hackers) and malicious software (e.g., viruses).

Threat - A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.

Attack - An assault on system security that derives from an intelligent threat.

Page 4: Network security threats – malware

Network Security

refers to security against attacks which are often maliciously used to consume and destroy the resources of a network.

also cryptographic algorithms in network protocols and network applications.

Types of Network Threats

• Logic attacks: Logic attacks are known to exploit existing software bugs and vulnerabilities with the intent of crashing a system.

• Resource attacks: Resource attacks are intended to overwhelm critical system resources such as CPU and RAM.

Page 5: Network security threats – malware

What is Malware?

• a contraction of "malicious software"

• refers to software developed for the purpose of doing harm.

• Malware can be classified based on how they get executed, how they spread, and/or what they do.

• Malware is not a virus. In fact, it consists of viruses, worms, Trojan horses, adware, rootkits and many other nasty infections.

Page 6: Network security threats – malware

Types of Malware

Viruses

• Viruses work and spread by attaching themselves to other pieces of software such that during the execution of the program the viral code is executed.

• corrupts and modifies system files on your computer to cause damage

• distributed through various storage mediums such as a flash drive

Worms

• worms are stand-alone software and do not have to attach themselves to a program in your system like a computer virus

• cause damage to the computer network by increasing bandwidth usage

Page 7: Network security threats – malware

Types of Malware

Trojan Horses

• Similar to the mythical wooden horse used by the Greeks to invade Troy.

• the Trojan horse is a very deceptive program that appears harmless but is actually one of the most dangerous types of malware.

• may arrive as a friendly email attachment or present itself as a useful application on a website

• does not have the ability to self replicate but to deliver destructive payloads and unload viruses, worms or spyware

Page 8: Network security threats – malware

Types of Malware

Spyware

• a sneaky program that tracks and reports your computing activity without consent.

• such as browsing patterns in the more benign case or credit card numbers in more serious ones.

• usually comes bundled with free software and automatically installs itself with the program you intended to use.

Rootkits

• a single program or collection of programs designed to take complete control of a system.

• gives the hacker all the abilities of a system administrator from a remote location.

• Often used to attack other machines, distribute spam or steal passwords.

Page 9: Network security threats – malware

Types of Malware

Backdoor

• a piece of software that allows access to the computer system bypassing the normal authentication procedures.

• based on how they work and spread, there are two groups:

  • the first works much like a Trojan, i.e., they are manually inserted into another piece of software and executed via their host software.

  • the second works more like a Worm, i.e., they are standalone and get executed as part of the boot process.

Adware

• essentially ad-supported software that has the ability to track your activity.

Page 10: Network security threats – malware

How To Tell If Malware Has Entered Your PC

• You start seeing an excessive amount of pop-up ads.

• Your PC's operating system slows down significantly.

• The amount of spam you receive in your email increases.

• Your email account may send out messages to your contact list that you did not send. Sometimes it contains pornographic material or even a Trojan or worm.

• The home page you have set in your browser is altered.

• When you try to access a web page in your favorites list, another web page appears that contains advertising or content that encourages you to enter your personal information.

• Your computer completely crashes.

• You are unable to access your antivirus program to remove the malware.

Page 11: Network security threats – malware

Example virus - 1

A virus program to delete the contents of the ‘C’ drive. A simple virus that can't be detected by any antivirus....

• @Echo off Del C:\ *.* |y

And save that as .bat not .txt and RUN IT. It will delete the content of C:\ drive...

Page 12: Network security threats – malware

Example virus - 2

A Virus Program to Disable USB Ports.

• to create a simple virus that disables/blocks the USB ports on the computer (PC).

• C programming language is used to create the virus.

• It contains the following two files,

  • block_usb.c (source code)

  • unblock_usb.c (source code)

Page 13: Network security threats – malware

Example viruses - 3

Space Eater

• using C programming language

• when executed will eat up the hard disk space on the root drive of the computer on which it is run.

• works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run.

• What type of Malware is this????

Page 14: Network security threats – malware

Space Eater Trojan

The algorithm of the Trojan is as follows

1. Search for the root drive

2. Navigate to Windows\System32 on the root drive

3. Create the file named “spceshot.dll”

4. Start dumping the junk data onto the above file and keep increasing its size until the drive is full

5. Once the drive is full, stop the process.

not be able to clean up the hard disk space because the Trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. It is often ignored by disk cleanup software. There is no way to recover the hard disk space unless reformatting his drive.

Page 15: Network security threats – malware

How to compile, test and remove the damage of Space Eater?

Testing:

• To test the Trojan, just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.

How to remove the Damage and free up the space?

• To remove the damage and free up the space, just type the following in the “run” dialog box.

• %systemroot%\system32

• Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.

NOTE: You can also change the ICON of the virus to make it look like a legitimate program.
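A defender's check for the kind of file described above, as an added example that is not part of the original presentation: a genuine DLL is a PE image that starts with an `MZ` header, so a large `.dll` in System32 that fails that test deserves inspection even when cleanup tools skip it. The function names and the 100 MiB threshold are assumptions chosen for illustration.

```python
import os
import struct

def is_pe_image(path):
    """Return True if the file has an MZ header and a PE signature where e_lfanew points."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        # Offset 0x3C of the DOS header holds the file offset of the "PE\0\0" signature.
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def find_fake_dlls(directory, min_size=0):
    """List (path, size) of *.dll files of at least min_size bytes that are
    not PE images, largest first."""
    hits = []
    for entry in os.scandir(directory):
        if not entry.is_file() or not entry.name.lower().endswith(".dll"):
            continue
        size = entry.stat().st_size
        if size < min_size:
            continue
        try:
            if not is_pe_image(entry.path):
                hits.append((entry.path, size))
        except OSError:
            continue  # locked or unreadable file: skip rather than guess
    return sorted(hits, key=lambda hit: hit[1], reverse=True)

if __name__ == "__main__":
    # Assumed scan target and threshold (illustrative values, not from the slides).
    root = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    for path, size in find_fake_dlls(root, min_size=100 * 2**20):
        print(f"{size / 2**20:10.1f} MiB  {path}")
```

The check only reports candidates; confirm what a file is before deleting anything from System32.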

Page 16: Network security threats – malware

How does anti-virus software work?

An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software.

Anti-virus software typically uses two different techniques to accomplish this:

• Dictionary based - Examining files to look for known viruses by means of a virus dictionary

• Suspicious behavior based - Identifying suspicious behavior from any computer program which might indicate infection
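The two techniques side by side, as an added example that is not part of the original presentation: a dictionary lookup by hash and byte pattern, and a behaviour check over a process event trace. The signatures, event format, thresholds and sample trace are all constructed for illustration and are harmless.

```python
import hashlib

# Constructed "virus dictionary": harmless marker bytes stand in for real signatures.
BYTE_SIGNATURES = {
    "Demo.MarkerA": b"DEMO-SIGNATURE-A",
    "Demo.MarkerB": bytes.fromhex("deadbeef00c0ffee"),
}
HASH_SIGNATURES = {hashlib.sha256(b"constructed known-bad sample").hexdigest(): "Demo.HashC"}

def dictionary_scan(data):
    """Dictionary based: exact hash lookup, then byte-pattern search in the content."""
    names = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        names.append(HASH_SIGNATURES[digest])
    names += [n for n, pattern in BYTE_SIGNATURES.items() if pattern in data]
    return names

def behaviour_scan(events, write_limit=512 * 2**20, delete_limit=100):
    """Behaviour based: judge a process by its actions, no signature required.
    events is an iterable of (process, action, path, nbytes) tuples."""
    written, deleted = {}, {}
    for proc, action, path, nbytes in events:
        if action == "write" and "\\system32\\" in path.lower():
            written[proc] = written.get(proc, 0) + nbytes
        elif action == "delete":
            deleted[proc] = deleted.get(proc, 0) + 1
    alerts = {}
    for proc, total in written.items():
        if total > write_limit:
            alerts.setdefault(proc, []).append("bulk write into System32")
    for proc, count in deleted.items():
        if count > delete_limit:
            alerts.setdefault(proc, []).append("mass file deletion")
    return alerts

# Constructed event trace: one process fills a file in System32, another does normal work.
SAMPLE_EVENTS = (
    [("unknown.exe", "write", r"C:\Windows\System32\junk.dll", 64 * 2**20)] * 10
    + [("editor.exe", "write", r"C:\Users\demo\notes.txt", 4096),
       ("editor.exe", "delete", r"C:\Users\demo\notes.bak", 0)]
)

if __name__ == "__main__":
    print(dictionary_scan(b"header DEMO-SIGNATURE-A trailer"))
    print(dictionary_scan(b"new, never-seen sample"))
    print(behaviour_scan(SAMPLE_EVENTS))
```

A sample absent from the dictionary returns no match from `dictionary_scan`, while `behaviour_scan` can still flag it from what it does.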

Page 17: Network security threats – malware

Thank you